On Fri, 28 Feb 2014 03:46:49 -0800, Mike Hearn m...@plan99.net wrote:3) Whilst these payment processors currently verify merchants so the security risk is low, in future a lighter-weight model or competing sites that allow open signups would give a weak security situation: a hacker who
Perhaps the UI just isn't expressive enough currently to expose this
situation in any way, let alone reliably alert the user to the issue,
because there's no way for the payment processor to get authenticated
fields other than memo into the UI.
I think for now as long as payment processors
On Sat, Mar 1, 2014 at 9:07 PM, Dev Random c1.devran...@niftybox.netwrote:
I'm wondering about the small business case. A small business or an
individual might not have the technical expertise to perform the
delegation signature.
If they take delivery of an SSL cert from the CA themselves,
On Sun, Mar 2, 2014 at 4:20 PM, Andreas Schildbach andr...@schildbach.dewrote:
I somehow think that it is too early for this heavy kind of extension,
given that the first version of BIP70 isn't even deployed widely let
alone *used*.
Definitely agree - like I said, I publish this only because
Another example use-case to back up devrandom's point is using a twitter
handle as the merchant name. In that example, a 3rd party service hosts
and signs the PaymentRequest, but when someone opens that PaymentRequest in
their wallet, they should know that they are paying the specified twitter
Now we're starting to see the first companies deploy BIP70, we're
encountering a need for identity delegation. This need was long foreseen by
the way: it's not in BIP70 because, well, we had to draw the line for v1
somewhere, and this is an issue that mostly affects payment processors. But
I
6 matches
Mail list logo
